Thycotic’s Cyber Security Publication

What is PuTTY and what’s new with it in 2017?

September 7th, 2017

What is PuTTY?

PuTTY is an open source application that allows you to connect remotely to many different types of systems, over various communication protocols. However, PuTTY is most famously used for SSH connects from Windows systems to Unix based systems. This application allows you to connect your private SSH keys and enter passphrases for remote connections.

PuTTY has been around since the early 2000s, and nobody is really sure what the name stands for.

So what’s new with PuTTY in 2017?

This age old adage applies here: “If it ain’t broke, don’t fix it”. PuTTY, being a widely used and open source application, doesn’t really go through a lot of enhancements and upgrades. Most of the changes that are done year over year are security or bug fixes, and keeping up with changes to communication protocols.

Early 2017 saw the availability of PuTTY as a 64-bit client, as well as the support for elliptic curve cryptography. Most other updates thus far in 2017 are focused on security fixes, with the emphasis on DLL hijacking.

So that’s it! Nothing really amazing to capture here with such a well built and commonly used application. However, I thought I’d spend a little time talking about elliptic-curve cryptography, because, why not?

What is Elliptic Curve Cryptography

Elliptic Curve cryptography is another, more recently developed, form of public-key cryptography. Cryptography, specifically public-key cryptography, is generally based on some type of mathematically impossible challenge. For example, the typical RSA public/private keypairs are based on two very large prime numbers that are nearly impossible to factor without a lot of computing power and lot of time. Elliptic Curve is another form of a mathematical challenge that is even more difficult to solve, based on “finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point”.

NIST approves and recommends the use of elliptic curve cryptography.

One of the main advantages? It’s reportedly more secure than the Prime number cryptography, with smaller key sizes, thus allowing for faster encryption/decryption.

FREE Privileged Account Management for Dummies book

Get smart about Privileged Account password security with this quick read